struct sockaddr_un can be truncated.

When we have "struct sockaddr_un *s_un", we could not assume *s_un points to a memory region which size is at least sizeof(*s_un). Even worse, it may be shorter than sizeof(struct sockaddr) on some systems.

struct sockaddr_un can be truncated.
When we have "struct sockaddr_un *s_un", we could not assume *s_un points to a memory region which size is at least sizeof(*s_un). Even worse, it may be shorter than sizeof(struct sockaddr) on some systems.
5013d2b2 · Tomoyuki Sahara · 3618556a · 5013d2b2
Commit 5013d2b2 authored Jun 14, 2018 by Tomoyuki Sahara
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

mrbgems/mruby-socket/src/socket.c mrbgems/mruby-socket/src/socket.c +5 -1

No files found.
--- a/mrbgems/mruby-socket/src/socket.c
+++ b/mrbgems/mruby-socket/src/socket.c
@@ -214,7 +214,11 @@ mrb_addrinfo_unix_path(mrb_state *mrb, mrb_value self)
  sastr = mrb_iv_get(mrb, self, mrb_intern_lit(mrb, "@sockaddr"));
  if (((struct sockaddr *)RSTRING_PTR(sastr))->sa_family != AF_UNIX)
    mrb_raise(mrb, E_SOCKET_ERROR, "need AF_UNIX address");
-  return mrb_str_new_cstr(mrb, ((struct sockaddr_un *)RSTRING_PTR(sastr))->sun_path);
+  if (RSTRING_LEN(sastr) < offsetof(struct sockaddr_un, sun_path) + 1) {
+    return mrb_str_new(mrb, "", 0);
+  } else {
+    return mrb_str_new_cstr(mrb, ((struct sockaddr_un *)RSTRING_PTR(sastr))->sun_path);
+  }
 }
 #endif